Sponsored Links

Postfix as a backup MX host

Outdated!

This article is outdated. I no longer run a backup MX at all and have not done so for years. The disadvantages outweigh the benefits.

Pro:

Messages queue up on a server you control.

You get to choose how long messages are queued before they are returned to the sender.

Con:

Backscatter: Unless you find a way to synchronise your list of valid users, your backup MX may initially accept a message for delivery, only to find that it is rejected by the primary MX. This can result in non-delivery reports being sent to innocent parties whose email address has been used as a forged 'from:' header by spammers. Synchronising configurations and valid user lists results in...

...Increased complexity: Another server, another mail queue, another RAID array -- it's just one more place for messages to go missing or get delayed in an already messy protocol.

A Vector for spam: Spammers do not respect the priority of your DNS MX records. If your primary MX server is reliable, the only mail that will hit your backup MX will be spam. I think that this skews SpamAssassin's bayes database.

Not necessary to queue mail: Email messages will queue on your senders' MXes for a few days, which should be long enough to resolve your problems. If an email isn't delivered for three or four days, it's probably useless anyway, so it's better that it is returned to the sender.

Still want to do it? Well, here's the old article:

I've had Postfix/amavisd-new/SpamAssassin/ClamAV/Courier running smoothly on my toaster for a while, thanks to Christoph Haas. Paranoid thoughts have since crept in; what would happen if my toaster were to stop working?

Luckily, I'm the kind of guy who has an old laptop many miles away, quietly humming away under my parents' desk. (No, I don't live in my parents' basement) This would do nicely as a backup MX!

My victim in this case is a Toshiba PIII 700 with a dizzying 64MB RAM, on which I've installed Ubuntu breezy. My parents have a dynamic IP address, which seldom changes in practice. Usually, it's not practical operate a mail server on a dynamic IP because many major ISPs like Yahoo and AOL block any mail from such IP ranges. In this case I'm not concerned, the purpose of a backup MX is to hold on to mail until the primary MX becomes available again, so it is only delivering mail to servers under my control (I will not block my own mail!).

I need to give the backup MX a hostname, I've chosen mail2.toastputer.net - I'm so creative. Fortunately, toastputer.net is hosted by dyndns.org, so I will set the laptop to update it's ip address with ddclient.

# apt-get install ddclient

ddclient works with other services like Hammernode, Zoneedit and EasyDNS. It is very easy to set up.

Lets get on with it and install postfix:

# apt-get install postfix

I chose 'no configuration', because I wanted complete control. Once Postfix is installed, cd to /etc/postfix and sudo vi main.cf

Here's my main.cf with comments to explain what's going on:

#This is the default and will do for me
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
#Notifies users of new mail using comsat. Since I have no local users or comsat, seems sensible to turn it off
biff = no
# appending .domain is the MUA's job. - disable rewriting of user@host to user@host.domain
append_dot_mydomain = no

Test it. Stop the MTA on your primary MX and send yourself some email from gmail (or something). If you $ tail -f /var/log/mail.log on your backup MX, you'll see the mail queuing up. Start your MTA again and it'll get delivered to you. Use # postqueue -f if you are impatient.